An ISP is concerned about DoS attacks that tend to starve out legitimate flows by generating
malicious traffic. A number of techniques are being considered for the network edge. What are
three correct statements regarding preventive measures against DoS attacks? (Choose three.)
A.
Implement ACLs because the filtering performance of routers is usually higher than their
forwarding performance.
B.
Implement uRPF strict mode because it works well in service provider environments, especially
with asymmetrical routing.
C.
BGP Remote-Triggered Black Hole (RTBH) can be implemented by inducing a discard route for
the destination. However, this option, when used in its simplest form, has the potential to take the
target offline.
D.
BGP Remote-Triggered Black Hole (RTBH) and uRPF loose mode can be configured to
collaborate towards mitigating the DOS attack.
E.
Implement strict QoS policers at the network edge for malicious flows where a classification
ACL can be used to dynamically add and delete a source address.
F.
Implement control plane policing.